0 Low
EPSS
Percentile
0.0%
rails is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of user-input sanitization in HTML elements, which allows an attacker to inject and execute arbitrary JavaScript into the browser.
github.com/rails/rails/commit/5037a13614d71727af8a175063bcf6ba1a74bdbd
github.com/rails/rails/commit/73009ea59a811b28e8ec2a9c9bc24635aa891214
security-tracker.debian.org/tracker/CVE-2023-23913